Compassion Health Care Data Breach Exposes Patients' Medical Information

On March 17, 2025, Compassion Health Care, Inc. (CHC), based in North Carolina, detected suspicious activity on its network. This activity led to a network interruption and prompted an investigation. By March 21, 2025, CHC determined that an unauthorized third party may have viewed or downloaded sensitive data stored on certain systems.

The breach impacted both patients and employees/vendors, exposing a wide range of information.

The types of information exposed in this incident include personally identifiable information (PII) such as names, addresses, phone numbers, dates of birth or ages, Social Security numbers, and driver’s license numbers.

Additionally, protected health information (PHI) was compromised, including health insurance details, claims information, and clinical or diagnostic information related to medical services received from CHC providers.

For employees and vendors, additional data such as income information, financial account details, and potentially bank account and routing numbers may also have been exposed.

According to the disclosure filed with the Massachusetts Attorney General, the breach affected at least 2 individuals in Massachusetts. The full scope of the incident is detailed in the official notice posted by Compassion Health Care, Inc.. The breach is considered severe due to the sensitive nature of the information accessed and the fact that both PII and PHI were involved.

Compassion Health Care's response

In response to the breach, Compassion Health Care is offering complimentary credit monitoring and identity theft restoration services through HaystackID to those affected.

If you are a current or former patient, employee, or vendor of CHC and have not received a notification, you are encouraged to contact the dedicated inquiry line at 855-260-8137 for further assistance.

Given the nature of the breach, it is important for affected individuals to remain vigilant. CHC recommends reviewing account statements and monitoring credit reports for any suspicious activity. Promptly notify your financial institution if you detect unauthorized transactions, and consider placing a fraud alert or credit freeze with the major credit bureaus.

For those who suspect their Social Security number or other sensitive information has been misused, it is advisable to report the incident to law enforcement, the IRS (for tax-related identity theft), and your state’s Attorney General. The detailed steps and additional resources can be found in the notice linked above.

For more information about their services and mission, visit the Compassion Health Care, Inc. website.